WordPress plugin Yumpu ePaper publishing security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-0434
The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbmnewplacesave' function in all versions up to, and including, 1.7.1. This makes it possible for...
PT-2024-15558 · WordPress · Wptravelly
Name of the Vulnerable Software and Affected Versions: WpTravelly plugin for WordPress versions prior to 1.7.2. Description: The issue allows unauthorized modification of data due to a missing capability check on the ttbm new place save function. This enables unauthenticated attackers to create an...
The vulnerability of the OXMF template parser component in the OX App Suite software allows a perpetrator to execute arbitrary commands and gain access to read, modify, or delete data.
The vulnerability of the OXMF template parser component in the OX App Suite program lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely and gain acces...
ROS-20240529-05
A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Virtual Machine Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service. Vulnerability i...
WordPress Plugin WpTravelly security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CLSA-2024-1716915845 java-1.8.0-openjdk: Fix of 4 CVEs
Upgrade to shenandoah-jdk8u412-b08. That fixes the following CVEs: - CVE-2024-21011: Denial of service due to long Exception message logging - CVE-2024-21085: Pack200 excessive memory allocation - CVE-2024-21068: Integer overflow in C1 compiler address generation - CVE-2024-21094: Unauthorized...
JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast
Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contain multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher (CWE-276), CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, Base Score 7.8, CVE-2024-23847. Missing Authorization for coejobhoo...
CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
CVE-2024-0893 Schema App Structured Data <= 2.2.0 - Missing Authorization
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access or higher, ...
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
The vulnerability of the Simphony POS component of the Oracle Hospitality Simphony sales management platform allows a perpetrator to gain access to modify, add, or delete data, or to trigger a service failure.
The vulnerability of the Simphony POS component of the Oracle Hospitality Simphony sales management platform exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data, or cause service interruptions...
The vulnerabilities of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems enable attackers to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
CVE-2023-6325
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the exportentries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...
CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the exportentries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...
CVE-2023-6325
CVE-2023-6325 concerns the RomethemeForm For Elementor WordPress plugin. The vulnerability arises from a missing capability check in export_entries, rtformnewform, and rtformupdate, affecting all versions up to 1.1.5. Consequences include unauthenticated export of form submissions, creation of ne...
CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the exportentries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...
PT-2024-40520 · Unknown · Developmentadmin
Name of the Vulnerable Software and Affected Versions: DevelopmentAdmin, affected versions not specified. Description: The issue concerns a missing permission check in the buildDefaults method on DevelopmentAdmin. Specifically, when accessing the /dev/build/defaults endpoint, the action is performe...
CVE-2023-46807
An SQL Injection vulnerability in the web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database...